Prerequisites
Prepare before the workshop
To ensure a seamless workshop experience, complete the following checklist items in order.
Set up a GitHub account
Log in to your GitHub account.
You may create a new GitHub account, if you do not already have one.
- Clicking the button below will open the page on a new tab, for you to create a new GitHub account. Keep your @handle handy after you have logged in.
Clone the workshop project to your own account
- Create workshop project
- In the new tab, most of the prompts will automatically fill in for you and the default settings should be fine. Otherwise...
  - For owner, choose your personal account or.
  - We recommend creating a public repository.
  - Public repositories benefit from
- Scroll down and click the button at the bottom of the form.
- After creation of your new repository has begun, wait about 20 seconds, then refresh the page.
Enable Discussions
- On GitHub.com, navigate to the main page of your new repository.
- Under your repository name, click Settings.
- Scroll down to the "Features" section and click
Configure base security
- Navigate to the Settings tab on your new workshop repository.
- Under the "Security" section of the menu, select Code security and analysis. Then configure the settings to match as follows (by clicking where the option is/becomes available).
  - Dependabot version updates
    When enabling, you will be prompted to edit the .github/dependabot.yml configuration file. Simply navigate back on your browser or click on to leave the prompt, and to continue the base security configuration.
  - CodeQL analysis
    - From the , select the Default option.
    - Leave the default settings in the prompt that follows, and simply click on to continue.
  - Protection rules
    Select the configuration as shown below.
Register a GitHub App
- In the upper-right corner of any page on GitHub, click your profile photo.
- Navigate to your account Settings.
- In the left sidebar, click Developer settings.
- In the left sidebar, click GitHub Apps
- Click New GitHub App
  Provide the form field values as follows

    GitHub App Name..........: <YOUR-HANDLE>-bot
    Homepage URL.............: https://github.com/<YOUR-HANDLE>/github-devsecops-fundamentals

    Webhook
      Active.................: DESELECT

    Repository permissions
      Actions................: Read and write
      Administration.........: Read and write
      Contents...............: Read and write
      Deployments............: Read and write
      Discussions............: Read and write
      Environments...........: Read and write
      Pages..................: Read and write

    Where can this GitHub App be installed?
      Any account.................: SELECT

- Generate a private key for the new GitHub App as documented here.
- Save the GitHub App private key to your new repository's secrets under the name of APP_PRIVATE_KEY_ACTIONS_ASSISTANT.
- Save the GitHub App's appid to your new repository's variables under the name of APP_ID_ACTIONS_ASSISTANT.
- Go to https://github.com/apps/<YOUR-HANDLE>-bot. Install the app in the repository you created earlier.
What is the use of a GitHub App?
When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.
If you do want to trigger a workflow from within a workflow run, you can use a GitHub App installation access token or a personal access token instead of GITHUB_TOKEN to trigger events that require a token.
If you use a GitHub App, you'll need to create a GitHub App and store the app ID and private key as secrets.
During the course of the workshop exercises, you will discover how the GitHub App is used to trigger the automatic deployment of release artifacts.
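How the two stored values are consumed, as an added example that is not taken from the workshop repository: a workflow that mints a GitHub App installation token with actions/create-github-app-token and publishes a release with it, so that workflows listening for release events start. The workflow file name, the tag input and the use of gh release create are assumptions made for illustration.

```yaml
# Added example, not part of the workshop repository.
# File name (hypothetical): .github/workflows/publish-release.yml
name: Publish release (example)

on:
  workflow_dispatch:
    inputs:
      tag:
        description: Tag to release, for example v1.0.0
        required: true

# The job never uses GITHUB_TOKEN, so strip all of its permissions.
permissions: {}

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # Exchange the app ID and private key for a short-lived installation
      # token scoped to this repository (the action's default scope).
      - name: Mint GitHub App installation token
        id: app-token
        uses: actions/create-github-app-token@v1  # pin to a commit SHA in real use
        with:
          app-id: ${{ vars.APP_ID_ACTIONS_ASSISTANT }}
          private-key: ${{ secrets.APP_PRIVATE_KEY_ACTIONS_ASSISTANT }}

      # A release created with the app token emits a `release` event that
      # starts other workflows; one created with GITHUB_TOKEN would not.
      - name: Create release as the app
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          # Pass user input through env, never inline in the script,
          # to avoid shell injection through the tag value.
          TAG: ${{ inputs.tag }}
        run: gh release create "$TAG" --repo "$GITHUB_REPOSITORY" --generate-notes
```

The app registered above is granted write access to seven permission areas, so treat APP_PRIVATE_KEY_ACTIONS_ASSISTANT as a high-value secret and reference it only from workflows that need the elevated token.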
Create a project board for the repository
- Open the recently created workshop repository.
- Navigate to the Projects tab.
- Open the dropdown menu. Then select the New Project option.
- Click on the button to start the project creation wizard.
- Select the Team backlog template.
- Give a name to the project.
- Finally click on the button.
Provision a new cloud development environment for the workshop
GitHub Codespaces enables you to instantly start coding on the workshop project. Personal accounts on GitHub can benefit from a free quota of GitHub Codespaces usage.
- Navigate to the Code tab.
- Open the menu and click on .
- Leave the Codespace development environment to initialize and run; we will come back to use it later.